Adding CSP to Struts 1.2.7

 
Greenhorn
Posts: 2
Has anyone added CSP to Struts 1.2.7?

1.2.7 doesn't seem to have the BaseDispatchAction class.  At least not that I can pull up with my IDE.
 
Saloon Keeper
Posts: 7585
If you're working on a web app that still uses Struts 1.x, the first thing you need to do is to upgrade it to the latest Struts 2 version. All versions of Struts 1 have several publicized security holes that have not (and will not) get patched.
 
Bartender
Posts: 9626
I agree with Tim.
That said, I'm not aware of any BaseDispatchAction class in Struts 1. There is a DispatchAction, which is an abstract class intended to be extended by the developer and used to create a class with several related execute methods (for example, all the CRUD methods for a particular piece of data).
 
william chester
Greenhorn
Posts: 2
Unfortunately I don't have the choice to upgrade at this time. I guess I should ask: does CSP work in Struts 1.2.7?
 
Joe Ess
Bartender
Posts: 9626
By CSP, do you mean Content Security Policy? I have used Tomcat's httpHeaderSecurity to add protection against malicious requests.
You should be aware that Struts 1.2.7 has known vulnerabilities to cross-site scripting (among other known attacks) and I don't know that a filter at the server layer would protect against that.
If you are concerned about security (including XSS), the solution is to upgrade Struts or move to another framework.
 